Good news everyone! Rails 3.2.6 has been released. There are important security fixes, so please take a look.

Good news everyone! Rails version 3.2.6 has been released. This release of Rails contains two important security fixes: CVE-2012-2694 Ruby on Rails Unsafe Query Generation Risk in Ruby on Rails CVE-2012-2695 Ruby on Rails SQL Injection Please note that the last round of security fixes DO NOT cover the situations that these patches fix. Therefore it is suggested that all users upgrade immediately. For more information about these issues, please see the annoumcenents on the rubyonrails-security mailing list . Other changes for this release can be found in each component's CHANGELOG: Action Mailer Action Pack Active Model Active Record Active Support Railties All changes can be found here .